(54) Conditional access system with programmable mode of access 



(57) The invention relates to a conditional access 
system. 

In a conditional access system, a service provider 
supplies the user with access conditions relating to var- 
ious modes of access (for example the "subscriber" 
mode or else the "pay per view" mode) and user entitle- 
ments relating to these various access conditions. The 
smartcard which the service provider delivers to each 
user comprises a program making it possible to validate 
the access conditions and the user's entitlements, to 
compare the validated access conditions with the user's 
validated entitlements and, depending on the result of 
the comparison, to execute management operations re- 
lating to certain services. 

According to the invention, the modes of access 
take the form of access mode descriptors each consist- 
ing of a descriptor of a comparison operation and of a 
descriptor of a management operation. The smartcard 
comprises an interpreter module which determines the 
authorized modes of access and, for each authorized 
mode of access, searches for the descriptor of the mode 
of access and performs the comparison and manage- 
ment operations. 

The conditional access system according to the in- 
vention allows the access mode descriptors in the user's 
smartcard to be modified by downloading. 
Description 

The present invention relates to a conditional ac- 
cess system. 

A conditional access system enables a service pro- 
vider to supply his services only to those users who have 
acquired entitlements to these services. Such is the 
case, for example, with pay television systems. 

As is known to those skilled in the art, the service 
supplied by a service provider consists of an item scram- 
bled by control words. The scrambled item can only be 
descrambled, and hence read by the user, in line with 
the entitlements allocated to this user. The scrambled 
item will henceforth be denoted IE(ECG), where ECG 
represents the unscrambled item (the abbreviation ECG 
standing for "Electronically Coded Good"). 

In order to descramble the item, the service provider 
supplies each user with the control words which served 
to scramble the item. So as to keep the control words 
secret, they are supplied after having been encrypted 
with an algorithm with key K. The various encrypted con- 
trol words are sent to the various users in control mes- 
sages which will subsequently be denoted ECM (the ab- 
breviation ECM standing for "Entitlement Control Mes- 
sage"). 

In order to grant access to his service to authorized 
users only, the service provider supplies each of the us- 
ers with a smartcard and a decoder. 

The smartcard makes it possible, on the one hand, 
to validate and record the entitlements of the user to the 
service delivered and, on the other hand, to decrypt, with 
the aid of the key K, the encrypted control words. To this 
end, the smartcard contains the key K of the algorithm 
which allowed the encryption of the control words. 

The decoder, for its part, makes it possible to de- 
scramble the scrambled item on the basis of the de- 
crypted control words supplied by the smartcard. 

Each user's entitlements are sent in messages for 
managing the user's entitlements which will subse- 
quently be denoted EMM (the abbreviation EMM stand- 
ing for "Entitlement Management Message"). 

According to the prior art, an EMM message con- 
sists of a header and a body. The body of the EMM con- 
tains three main items: 

- a first item giving the address of the card of the user; 
- a second item giving the description of the user's 
entitlements; 
- a third item making it possible to validate the EMM 
and to verify that the user's entitlements contained 
in the EMM are indeed the entitlements reserved 
for the user. 

As mentioned earlier, the encrypted control words 
are sent to the users via the ECMs. 

According to the prior art, an ECM consists of a 
header and a body. 
The header gives, among other things, the type and 
size of the items contained in the body of the ECM. 

The body consists, among other things, of an item 
containing all the conditions of access to the service 
supplied by the provider, of an item containing at least 
one control word encrypted with the algorithm with key 
K and of an item containing a datum dependent on the 
key K and making it possible to validate and verify the 
contents of the ECM and, more particularly, access con- 
10 ditions contained in the ECM. 

When the decoder of a user recognizes the address 
of the card associated with him from among the various 
addresses distributed by the service provider, the EMM 
corresponding to the recognized address is analysed. 
The analysis of the EMM is performed with the aid of an 
analysis algorithm controlled by the key K for encrypting 
the control words. 

If the analysis of the EMM message leads to the 
validating of the latter, the user's entitlements are then 
stored in a memory designed for this purpose. 

The user card also comprises a circuit for validating 
the ECMs, an access control circuit and a circuit for de- 
crypting the encrypted control words. 

The circuit validating the ECMs makes it possible 
to perform, on the access conditions contained in the 
ECMs, operations identical to those performed on the 
user's entitlements by the circuit for analysing the EMM 
messages. 

If the access conditions are validated, the function 
of the access control circuit is to compare the validated 
access conditions with the user's validated entitlements. 

According to the prior art, the comparison of the val- 
idated access conditions with the user's validated enti- 
tlements is performed according to one or more various 
modes of access preprogrammed into the access con- 
trol circuit. 

The term mode of access should be understood to 
mean a category of services which a service provider 
offers his customers. This may, for example, be the 
"subscriber" mode for which the user buys access to a 
service for a certain duration, or else the "pay per view" 
mode for which the user buys the entitlement to watch 
a particular programme broadcast at a particular time. 
The various operations attached to one and the 
same mode of access are of two types: 

- a first type concerns the operation for comparing the 
validated access conditions with the user's validat- 
ed entitlements, as mentioned above; 

- a second type concerns the management opera- 
tions executed subsequent to the comparison func- 
tion and the nature and number of which depends 
on the result of the comparison. Thus, for example, 
a signal authorizing the decrypting of the control 
words is transmitted to the decryption circuit if ac- 
cess is authorized. 

As mentioned above, according to the prior art, var- 
ious operations attached to a mode of access are all pre- 
programmed into the access control circuit contained in 
the user card. Thus, in the case in which a service pro- 
vider wishes to offer a new mode of access to his cus- 
tomers, it is necessary for him to change the entire stock 
of user cards. 

The various operations relating to a new mode of 
access are then programmed into the new user cards 
which the service provider distributes to his customers. 

This represents a drawback, especially in terms of 
costs. 

In general, according to the prior art, the programs 
which allow the decoder and the user card to operate 
are not developed by the service provider himself. 
These programs are instead developed by a provider of 
conditional access programs, on the basis of specifica- 
tions drawn up by the service provider. 

Thus, according to the prior art, conditional access 
programs specific to the decoder and to the user card 
are designed for each new application and for each 
service provider. 

It is also then almost impossible for a provider of 
conditional access programs who has produced a pro- 
gram relating to a first application to adapt this program 
to a new application whose requirements in terms of ac- 
cess modes are substantially different from those of the 
first application. This presents another drawback. 

The invention does not present the drawbacks men- 
tioned above. 

Thus, the invention relates to a message (ECM) 
containing access conditions (CDA) relating to at least 
one mode of access offered by a service provider. The 
message (ECM) contains a datum making it possible to 
identify and validate the mode of access. 

The invention also relates to a message (EMM) con- 
taining a description of the entitlements possessed by 
a user with regard to at least one service delivered by a 
service provider. The description of the user's entitle- 
ments consists of a string of fields, each field comprising 
the description of an entitlement. 

The invention also relates to a conditional access 
system management message enabling a service pro- 
vider to supply his services, according to at least one 
mode of access, to a user who has acquired entitle- 
ments to these services. The message contains at least 
one descriptor of at least one mode of access. 

The invention further relates to a process for loading 
into a security element access conditions relating to at 
least one mode of access offered by a service provider. 
The process consists in loading the access conditions 
in the form of a string of fields, each field comprising the 
description of an access condition. 

The invention further relates to a process for loading 
into a security element entitlements possessed by a us- 
er with regard to at least one service delivered by a serv- 
ice provider. The process consists in loading said enti- 
tlements in the form of a string of fields, each field com- 
prising the description of an entitlement. 



The invention further relates to a process for loading 
into a security element at least one mode of access re- 
lating to a service offered by a service provider. The 
process comprises a step making it possible to load at 
least one datum making it possible to identify and vali- 
date the mode of access and a step making it possible 
to load at least one descriptor of the mode of access. 

The invention further relates to a process making it 
possible to descramble a scrambled service supplied to 
a user, said process comprising at least one step making 
it possible to load into a security element at least one 
mode of access relating to said service, at least one step 
making it possible to supply, via a first message, a de- 
scription of the conditions of access to the scrambled 
service, at least one step making it possible to supply, 
via a second message, a description of the user's enti- 
tlements to the scrambled service and a step making it 
possible to validate the user's entitlements. The step 
making it possible to load into a security element at least 
one mode of access comprises a step of loading at least 
one datum making it possible to identify and validate the 
mode of access and a step of loading at least one de- 
scriptor of the mode of access comprising a descriptor 
of a comparison operation and a descriptor of a man- 
agement operation, the step making it possible to supply 
a description of the access conditions makes it possible 
to define the access conditions as a first string of fields 
and the step making it possible to supply a description 
of the user's entitlements makes it possible to define the 
user's entitlements as a second string of fields. 

The invention further relates to a security element 
enabling a user to access a service, the security element 
comprising a first memory circuit making it possible to 
store the validated entitlements possessed by the user 
with regard to the service and an access control circuit 
making it possible to compare with the validated entitle- 
ments the validated access conditions associated with 
at least one mode of access. The security element com- 
prises a second memory circuit making it possible to 
store at least one mode of access in the form of descrip- 
tors of the mode of access and the access control circuit 
comprises an interpreter module making it possible to 
determine whether at least one mode of access is or is 
not authorized and, for an authorized mode of access, 
to search for at least one descriptor of the authorized 
mode of access, the descriptor of the authorized mode 
of access comprising a descriptor of a comparison op- 
eration and a descriptor of a management operation, the 
implementation of the management operation following 
upon the comparison operation and making it possible 
to generate a signal authorizing or not authorizing ac- 
cess to the service. 

The invention further relates to a conditional access 
system enabling a service provider to supply his servic- 
es only to users who have acquired entitlements to 
these services, the services consisting of an item scram- 
bled by control words, the system comprising, for each 
user, at least one decoder and at least one security el- 
ement. The security element is a security element such 
as that mentioned above according to the invention. 

According to the invention, each operation relating 
to a mode of access is coded in the form of a descriptor 
of the operation. The term descriptor of an operation 
should be understood to mean a set of elementary data 
making it possible to reconstruct the operation on the 
basis of an interpretation program. 

In the remainder of the description, the descriptor 
of an operation relating to a mode of access will be re- 
ferred to as an access mode descriptor. 

According to the preferred embodiment of the in- 
vention, an access mode descriptor consists of a de- 
scriptor of a comparison operation and of a descriptor 
of a management operation. This type of descriptor ad- 
vantageously makes it possible to define a large number 
of functions. 

Moreover, still according to the invention, the ac- 
cess conditions as well as the entitlements of the users 
are described in the form of a string of fields of variable 
lengths. 

Unlike a prior art conditional access system, the 
conditional access system according to the invention 
thus offers the advantage of very high flexibility of im- 
plementation. 

As mentioned earlier, one advantage of the inven- 
tion is that it avoids the need for the service provider to 
have to change the entire stock of user cards which he 
distributes when he wishes to modify the various modes 
of access which he wishes to offer. 

Other characteristics and advantages of the inven- 
tion will emerge on reading a preferred embodiment of 
the invention given with reference to the appended fig- 
ures in which: 


Figure 1 represents an access mode descriptor 
loading message according to the invention; 
Figure 2a represents an EMM type user entitlement 
management message according to the invention; 
Figure 2b represents a detail view of Figure 2a; 
Figure 3a represents an ECM type control message 
according to the invention; 
Figure 3b represents a detail view of Figure 3a; 
Figure 4 represents the schematic of a security el- 
ement according to the invention. 

In all the figures, the same labels denote the same 
elements. 

Figure 1 represents an access mode descriptor 
loading message according to the invention. 

The access mode descriptor loading message con- 
sists of a block 1 containing the header H1 of the mes- 
sage, a block 2 containing the address AD of a user for 
whom the message is intended, a body 3 containing the 
descriptor DMA of at least one mode of access and a 
block 4 containing a datum HASH K making it possible 
to validate and verify the contents of the message. The 
datum HASH K is controlled by the key K for encrypting 
the control words. 

As mentioned earlier, according to the preferred 
embodiment of the invention, each access mode de- 
scriptor consists of a descriptor of a comparison opera- 
tion and of a descriptor of a management operation. 

As far as the comparison operation is concerned, it 
can be modelled, for example, as a Boolean function 
whose parameters are Booleans which are themselves 
the result of elementary comparison functions. 

In general, the descriptor of the comparison func- 
tion of an access mode according to the invention con- 
sists of the following elements: 

- a list of elementary operators each of which is fol- 
lowed by the identifiers of its parameters; 
- the formula for the comparison operation itself. 

As far as the management operation is concerned, 
its implementation consists in incorporating a list of ba- 
sic management functions into the interpreter and in de- 
fining the descriptor of the management operation as a 
string of functions for calling up each basic management 
function. Each call function includes an identifier of the 
basic management function associated therewith as 
well as identifiers of the input parameters, and possibly 
output parameters, of the basic management function. 

Each descriptor of the management operation also 
comprises an item which indicates, depending on the 
result of the comparison, whether the management op- 
eration is or is not to be executed. 

Figure 2a represents an EMM type user entitlement 
management message according to the invention. 

The user entitlement management message con- 
sists of a block 5 containing the header H2 of the mes- 
sage, a block 6 containing the address AD of a user for 
whom the message is intended, a body 7 containing the 
description DU of the user's entitlements according to 
the invention and a block 8 containing a datum HASH K 
making it possible to validate and verify the contents of 
the message. The datum HASH K is controlled by the key 
K for encrypting the control words. 

Figure 2b represents the detailed view of the block 
7 containing the description of the user's entitlements 
according to the invention. 

The description of the user's entitlements is com- 
posed of a string of fields EF1, EF2, ..., EFm. 

Each field EFj (j = 1, 2, ..., m) comprises a header 
HDj and the description of an entitlement Dj. The header 
HDj contains an identifier of the field as well as a datum 
representing the size of the field. 

Figure 3a represents an ECM type control message 
according to the invention. 

The ECM type control message consists of a block 
9 containing the header H3 of the message, a block 10 
containing a datum MA making it possible to list the var- 
ious modes of access via which the services supplied 
can be accessed by the users, a body 11 containing the 
description CDA of the various access conditions, a 
block 12 containing the control words E(CWi)K encrypt- 
ed with the encryption algorithm with key K and a block 
13 containing a datum HASH K making it possible to val- 
idate and verify the contents of the message. The datum 
HASH K is controlled by the key K for encrypting the con- 
trol words. 

The datum MA consists of a string of items each 
relating to a different mode of access. Each item relating 
to a mode of access consists of a code representative 
of the mode of access and of a binary item making it 
possible to indicate whether the mode of access is or is 
not accessible to the user. 

Figure 3b represents the detailed view of the block 
11 containing the description of the access conditions 
according to the invention. 

The description of the access conditions is com- 
posed of a string of fields CF1, CF2, ..., CFn. 

Each field CFj (j = 1, 2, ..., n) comprises a header 
HCj and the description of an access condition CAj. The 
header HCj contains an identifier of the field as well as 
a datum representing the size of the field. 

Advantageously, the formats of the EMM and ECM 
messages according to the invention are independent 
of the nature and of the number of access modes used. 
These formats are therefore very flexible by nature and 
adapt easily to any application and to any type of access 
mode. 
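The message and field layout of Figures 1 to 3b can be exercised in code. The following Python is an added example, not taken from the patent or from any product: it builds an EMM of the form of Figures 2a and 2b (header, card address, a string of fields each carrying an identifier and a size, and a datum HASH K) and has the card check it before storing anything. The patent fixes neither a byte layout nor the keyed function behind HASH K; the one-byte identifier and one-byte size per field, the seven-byte header and the use of HMAC-SHA256 under key K are assumptions of this example, and the key, address and field values are constructed. The same field walker applies unchanged to the access-condition fields CF1, ..., CFn of Figure 3b.

```python
import hmac
import hashlib
import struct

# Constructed encoding for this example (the patent fixes no byte layout):
#   H      : 1 byte message type | 2 bytes body length, big-endian
#   AD     : 4 bytes card address
#   body   : string of fields, each 1 byte identifier | 1 byte size | size bytes
#   HASH K : HMAC-SHA256 over H | AD | body, keyed with K (assumed construction)
MSG_EMM = 0x01
HEAD_LEN = 3 + 4
HASH_LEN = 32


def parse_fields(body):
    """Walk a string of fields (EF1..EFm or CF1..CFn) into {identifier: value}.
    A declared size that overruns the body, a truncated header or a repeated
    identifier is rejected rather than silently clipped."""
    fields, pos = {}, 0
    while pos < len(body):
        if len(body) - pos < 2:
            raise ValueError("truncated field header")
        ident, size = body[pos], body[pos + 1]
        pos += 2
        if pos + size > len(body):
            raise ValueError(f"field {ident:#04x}: size {size} overruns body")
        if ident in fields:
            raise ValueError(f"field {ident:#04x} repeated")
        fields[ident] = bytes(body[pos:pos + size])
        pos += size
    return fields


def build_emm(key, address, fields):
    """Service-provider side: serialise the entitlement fields and append HASH K."""
    body = b"".join(bytes([ident, len(value)]) + value
                    for ident, value in fields.items())
    signed = struct.pack(">BHI", MSG_EMM, len(body), address) + body
    return signed + hmac.new(key, signed, hashlib.sha256).digest()


def validate_emm(key, card_address, msg):
    """Circuit 15 of the card: address filter, then HASH K, then the fields.
    Returns the entitlement fields, or None when the EMM is for another card."""
    if len(msg) < HEAD_LEN + HASH_LEN:
        raise ValueError("message too short")
    signed, tag = msg[:-HASH_LEN], msg[-HASH_LEN:]
    mtype, body_len, address = struct.unpack(">BHI", signed[:HEAD_LEN])
    if mtype != MSG_EMM:
        raise ValueError("not an EMM")
    if address != card_address:
        return None                      # not addressed to this card
    # HASH K is checked over the whole message before any field is interpreted
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("HASH K mismatch: EMM rejected")
    body = signed[HEAD_LEN:]
    if len(body) != body_len:
        raise ValueError("header length disagrees with body")
    return parse_fields(body)


def demo():
    """Constructed key, address and entitlement fields; returns what the card
    stores for a genuine EMM and the outcome for a tampered copy of it."""
    key = bytes(range(16))                       # key K (constructed)
    entitlements = {0x10: b"\x00\x01",           # e.g. a subscribed service
                    0x11: b"\x20\x24\x12\x31"}   # e.g. an expiry date
    emm = build_emm(key, 0x00001234, entitlements)
    stored = validate_emm(key, 0x00001234, emm)
    forged = bytearray(emm)
    forged[HEAD_LEN + 2] ^= 0x01                 # flip one bit of the first value
    try:
        validate_emm(key, 0x00001234, bytes(forged))
        outcome = "accepted"
    except ValueError:
        outcome = "rejected"
    return stored, outcome
```

The order of the checks is the point: HASH K is verified over the whole message before a single field is interpreted, and each field's declared size is checked against the remaining body, so an EMM that advertises a field longer than its body is rejected instead of being read past its end.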

Figure 4 represents the schematic of a security el- 
ement according to the preferred embodiment of the in- 
vention. The security element 14 is preferably a smart- 
card. 

The smartcard 14 principally comprises six circuits: 

- a circuit 15 for validating the EMM type user entitle- 
ment management messages and the messages 
for loading the access mode descriptors; 
- a circuit 16 for storing the user's validated entitle- 
ments; 
- a circuit 17 for storing the descriptors of the access 
modes; 
- a circuit 18 for validating the ECM type messages; 
- a circuit 19 for access control; 
- a circuit 20 for decrypting the encrypted control 
words. 

On its input, the circuit 15 receives either the EMM 
messages, or the messages for loading the access 
mode descriptors MCMA. 

The function of the circuit 15 is to verify the validity 
of the EMM messages as well as that of the MCMA mes- 
sages. To this end, the circuit 15 contains the key K of 
the algorithm for encrypting the control words. 

If an EMM message is validated, then the user's en- 
titlements which it contains are stored in the circuit 16. 
Likewise, if an MCMA message is validated, then the 
access mode descriptors which it contains are stored in 
the circuit 17. 

Preferably, the memory area of the circuit 17, in 
which the access mode descriptors are stored, is an 
electronically erasable memory commonly referred to 
as EEPROM (EEPROM standing for "Electronically 
Erasable and Programmable Read Only Memory"). Ad- 
vantageously, the access mode descriptors can then be 
modified or changed by downloading. 

However, the invention also relates to the case in 
which the memory area of the circuit 17 is a non-erasa- 
ble memory commonly referred to as ROM (the abbre- 
viation ROM standing for "Read Only Memory"). The ac- 
cess mode descriptors may not then be modified. 

According to the invention, at the time it is put into 
circulation, a smartcard can contain access mode de- 
scriptors either essentially in an EEPROM type memory 
area, or essentially in a ROM type memory area, or in 
both an EEPROM type memory area and a ROM type 
memory area. 

Preferably, the access mode descriptors defined 
when the smartcard is put into circulation are stored in 
a ROM type memory area. 

The function of the circuit 18 is to verify the validity 
of the ECM messages. To this end, the circuit 18 con- 
tains the key K of the algorithm for encrypting the control 
words. 

The access control circuit 19 comprises an inter- 
preter module making it possible to control access to the 
programs. The function of the interpreter module is to 
determine whether the user may have access to the pro- 
gram selected on the basis of three types of parameters: 

- the user's validated entitlements; 
- the access conditions contained in the current ECM 
message; 
- the access mode descriptors. 

Via the datum MA contained in the current ECM 
message, the interpreter module determines the author- 
ized access modes. 

For each of the authorized access modes, the inter- 
preter module searches for the access mode descriptor 
which corresponds thereto and, for each of the validated 
entitlements of the user of the card in the selected mode 
of access, executes the function for comparing between 
at least one field CFi of the ECM message and at least 
one field EFj of the EMM message. The fields CFi and 
EFj being provided with identifiers, their use may advan- 
tageously be specified by the elementary comparison 
functions mentioned earlier. 

If the result of the comparison authorizes access, 
the interpreter module halts the operation for evaluating 
entitlements and executes the management functions 
specified in the access mode descriptor. A signal S out- 
put by the access control circuit 19 and applied to the 
decryption circuit 20 authorizes the decryption of the 
control words. The decrypted control words CWi are 
then output from the smartcard. 

If the result of the comparison does not authorize 
access, the interpreter module carries out the functions 
described in the access mode descriptor corresponding 
to the case in which access is not authorized. 
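The descriptor structure given earlier (a comparison descriptor made of elementary operators, each followed by the identifiers of its parameters, plus a formula; a management descriptor made of a string of calls to basic management functions, each marked with the comparison result under which it runs) and the interpreter module of the access control circuit 19 just described can be put together as follows. This Python is an added example and not code from the patent: the set of elementary operators (EQ, LE, GE, IN), the basic management functions (AUTHORIZE, RECORD), the mode codes, the field identifiers and the entitlement and access-condition values are all assumptions constructed for the illustration.

```python
from dataclasses import dataclass, field

SUBSCRIBER, PAY_PER_VIEW = 0x01, 0x02          # mode-of-access codes (constructed)

# Elementary comparison operators a descriptor may name (assumed set); each
# takes one access-condition field (CF) and one entitlement field (EF).
ELEMENTARY_OPS = {"EQ": lambda cf, ef: cf == ef, "LE": lambda cf, ef: cf <= ef,
                  "GE": lambda cf, ef: cf >= ef, "IN": lambda cf, ef: cf in ef}

@dataclass
class ComparisonDescriptor:
    terms: list     # [(operator, CF identifier, EF identifier), ...] giving b0, b1, ...
    formula: list   # Boolean formula over b0, b1, ... in postfix, e.g. ["b0", "b1", "AND"]

@dataclass
class ManagementCall:
    function_id: str        # identifier of a basic management function
    inputs: tuple = ()      # identifiers of its input parameters
    when: bool = True       # executed only if the comparison result equals this

@dataclass
class AccessModeDescriptor:
    mode_code: int
    comparison: ComparisonDescriptor
    management: list        # string of ManagementCall

@dataclass
class Smartcard:
    entitlements: list = field(default_factory=list)  # circuit 16: validated EMM fields
    descriptors: dict = field(default_factory=dict)   # circuit 17: mode code -> descriptor
    trace: list = field(default_factory=list)         # management calls made (constructed)

def load_descriptor(card, desc):
    """After circuit 15 validates an MCMA, its descriptor is stored in circuit 17."""
    card.descriptors[desc.mode_code] = desc

def eval_formula(formula, booleans):
    """Evaluate the postfix Boolean formula of a comparison descriptor."""
    stack = []
    for tok in formula:
        if tok == "NOT":
            stack.append(not stack.pop())
        elif tok in ("AND", "OR"):
            b, a = stack.pop(), stack.pop()
            stack.append((a and b) if tok == "AND" else (a or b))
        else:
            stack.append(booleans[int(tok[1:])])
    if len(stack) != 1:
        raise ValueError("malformed comparison formula")
    return stack[0]

def run_comparison(desc, cf, ef):
    """Elementary comparisons of CF fields against EF fields, then the formula.
    A field missing from either message makes its comparison false (fail closed)."""
    booleans = [cf_id in cf and ef_id in ef and ELEMENTARY_OPS[op](cf[cf_id], ef[ef_id])
                for op, cf_id, ef_id in desc.terms]
    return eval_formula(desc.formula, booleans)

# Basic management functions built into the interpreter (assumed set).
def fn_authorize(state):
    state["S"] = True                       # signal S towards decryption circuit 20

def fn_record(state, text):
    state["card"].trace.append(text)

BASIC_FUNCTIONS = {"AUTHORIZE": fn_authorize, "RECORD": fn_record}

def control_access(card, ecm):
    """Interpreter module of access control circuit 19; returns the signal S."""
    state = {"card": card, "S": False}
    for mode_code, accessible in ecm["MA"]:
        if not accessible or mode_code not in card.descriptors:
            continue        # mode not offered in this ECM, or no descriptor to interpret it
        desc = card.descriptors[mode_code]
        granted = False
        for ent in card.entitlements:
            if ent["mode"] == mode_code and run_comparison(desc.comparison, ecm["CDA"], ent["fields"]):
                granted = True
                break       # halt the evaluation of entitlements
        for call in desc.management:
            if call.when == granted:
                BASIC_FUNCTIONS[call.function_id](state, *call.inputs)
        if granted:
            break
    return state["S"]

SUBSCRIBER_DESC = AccessModeDescriptor(SUBSCRIBER,
    ComparisonDescriptor([("IN", "service", "services"), ("LE", "date", "expiry")], ["b0", "b1", "AND"]),
    [ManagementCall("AUTHORIZE"), ManagementCall("RECORD", ("subscriber: denied",), when=False)])
PPV_DESC = AccessModeDescriptor(PAY_PER_VIEW,
    ComparisonDescriptor([("EQ", "programme", "programme"), ("EQ", "date", "date")], ["b0", "b1", "AND"]),
    [ManagementCall("AUTHORIZE"), ManagementCall("RECORD", ("ppv: denied",), when=False)])

def demo():
    """Card issued with the subscriber descriptor only; the pay-per-view
    descriptor is downloaded later. Returns the signal S before and after."""
    card = Smartcard(entitlements=[
        {"mode": SUBSCRIBER, "fields": {"services": {1, 2}, "expiry": 20241231}},
        {"mode": PAY_PER_VIEW, "fields": {"programme": 77, "date": 20240301}}])
    load_descriptor(card, SUBSCRIBER_DESC)
    ecm = {"MA": [(SUBSCRIBER, 1), (PAY_PER_VIEW, 1)],
           "CDA": {"service": 3, "date": 20240301, "programme": 77}}
    before = control_access(card, ecm)    # service 3 unsubscribed; PPV not interpretable
    load_descriptor(card, PPV_DESC)       # MCMA descriptor downloaded into circuit 17
    after = control_access(card, ecm)     # PPV entitlement for programme 77 now matches
    return before, after
```

Three choices in the interpreter are worth noting. A mode listed in MA for which the card holds no descriptor is skipped rather than guessed at, which is exactly the situation the patent resolves by downloading a new descriptor; a field absent from either message makes its elementary comparison false, so a malformed ECM or EMM cannot grant access by omission; and once one mode grants access the interpreter stops, since the signal S has been raised.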

An advantage of the invention is that it defines the 
access modes with the aid of simple descriptors which 
can be designed directly by the service provider. It is 
then no longer necessary for the service provider to 
have recourse to a provider of access control pro- 
grammes as is often the case in prior art conditional ac- 
cess systems. 

Advantageously, the invention allows simple and in- 
expensive updating whilst ensuring a high level of se- 
curity. 

As is known to those skilled in the art, conditional 
access systems are mainly of two types. 

A first type of system is commonly referred to as an 
on-line system. In an on-line system, the scrambled item 
IE(ECG) is an item consisting of a signal distributed si- 
multaneously to the various customers of the service 
provider from a single source. This distribution can be 
performed, for example, over the airwaves or else by 
cable. In such a conditional access system, the ECM 
messages are sent by the service provider together with 
the scrambled item IE(ECG). 

A second type of conditional access system is a 
system with a stand-alone data medium. In a system 
with a stand-alone data medium, the scrambled item IE 
(ECG) and the ECMs are contained on a stand-alone 
data medium such as, for example, a digital video disc 
commonly referred to as a DVD or else a compact disc 
commonly referred to as a CD. 

The invention relates to both of the abovemen- 
tioned types of conditional access systems. 

According to the invention, the conditional access 
programs can be updated without the service provider 
needing to change the entire stock of smartcards and 
decoders which he supplies to his customers. This char- 
acteristic finds a particularly advantageous application 
in the case of conditional access systems with a stand- 
alone data medium in which the ECMs have a format 
such as that mentioned previously according to the in- 
vention. 

Claims 


1. Message (ECM) containing access conditions 
(CDA) relating to at least one mode of access of- 
fered by a service provider characterized in that it 
contains a datum (MA) making it possible to identify 
and validate the mode of access, and in that the ac- 
cess conditions (CDA) consist of a string of fields 
(CF1, CF2, ..., CFn), each field containing the de- 
scription of an access condition (CAj). 

2. Message (ECM) according to Claim 1, character- 
ized in that each field comprises a header (HCj). 

3. Message (EMM) containing a description of the en- 
titlements (DU) possessed by a user with regard to 
at least one scrambled service delivered by a serv- 
ice provider, characterized in that the description of 
the user's entitlements consists of a string of fields 
(EF1, EF2, ..., EFm), each field comprising the de- 
scription of an entitlement (Di). 

4. Message (EMM) according to Claim 3, character- 
ized in that each field comprises a header (HDi). 

5. Conditional access system management message 
(MCMA) enabling a service provider to supply his 
services, according to at least one mode of access, 
to a user who has acquired entitlements to these 
services, characterized in that it contains at least 
one descriptor (DMA) of at least one mode of ac- 
cess. 

6. Message (MCMA) according to Claim 5, character- 
ized in that the access mode descriptor (DMA) con- 
sists of a descriptor of a comparison operation and 
of a descriptor of a management operation. 

7. Message (MCMA) according to Claim 6, character- 
ized in that the descriptor of the comparison oper- 
ation consists of a list of elementary operators each 
of which is followed by the identifiers of its param- 
eters and in that the descriptor of the management 
operation consists of a string of functions for calling 
up basic management functions. 

8. Process for loading into a security element access 
conditions (CDA) relating to at least one mode of 
access offered by a service provider characterized 
in that it comprises a step of downloading at least 
one datum (MA) making it possible to identify and 
validate the mode of access and in that it consists 
in loading the access conditions in the form of a 
string of fields (CF1, CF2, ..., CFn), each field con- 
taining the description of an access condition (CAj). 

9. Process for loading into a security element entitle- 
ments (DU) possessed by a user with regard to at 
least one scrambled service (IE(ECG)) delivered by 
a service provider, characterized in that it consists 
in loading said entitlements in the form of a string 
of fields (EF1, EF2, ..., EFm), each field comprising 
the description of an entitlement (Di). 

10. Process for loading into a security element at least 
one mode of access relating to a service offered by 
a service provider, characterized in that it comprises 
a step allowing the downloading of at least one da- 
tum (MA) making it possible to identify and validate 
the mode of access and a step making it possible 
to load at least one descriptor (DMA) of the mode 
of access. 
11. Process according to Claim 10, characterized in 
that the step making it possible to load at least one 
descriptor (DMA) of the mode of access is a step of 
downloading said descriptor (DMA). 


12. Process making it possible to descramble a scram- 
bled service (IE(ECG)) supplied by a service pro- 
vider to a user, said process comprising at least one 
step making it possible to load into a security ele- 
ment at least one mode of access relating to said 
service, at least one step making it possible to sup- 
ply, via a first message (ECM), a description of the 
conditions of access to the scrambled service, at 
least one step making it possible to validate the ac- 
cess conditions, a step making it possible to supply, 
via a second message (EMM), a description of the 
user's entitlements to the scrambled service and a 
step making it possible to validate the user's enti- 
tlements, characterized in that the step making it 
possible to load into a security element at least one 
mode of access comprises a step of downloading 
at least one datum (MA) making it possible to iden- 
tify and validate the mode of access and a step of 
loading at least one descriptor (DMA) of the mode 
of access comprising a descriptor of a comparison 
operation and a descriptor of a management oper- 
ation, in that the step making it possible to supply a 
description of the access conditions makes it pos- 
sible to define the access conditions as a first string 
of fields (CF1, CF2, ..., CFn) and in that the step 
making it possible to supply a description of the us- 
er's entitlements makes it possible to define the us- 
er's entitlements as a second string of fields (EF1, 
EF2, ..., EFm). 
13. Process according to Claim 12, characterized in 
that the step of loading the descriptor (DMA) is a 
step of downloading the descriptor (DMA). 

14. Process according to Claim 12 or 13, characterized 
in that it comprises a step whereby for at least one 
mode of access, an interpreter module stored in the 
security element can search for the access mode 
descriptor corresponding thereto and, for each of 

the user's validated entitlements, can execute the 
function for comparing between at least one field 
(CFi) of the first string of fields (CF1, CF2, ..., CFn) 
and at least one field (EFj) of the second string of 
fields (EF1, EF2, ..., EFm) in such a way that, if the result 
of the comparison authorizes access, the interpret- 
er module executes the management operation 
and, if the result of the comparison does not author- 
ize access, the interpreter module carries out the 
functions described in the access mode descriptor 
corresponding to the case in which access is not 
authorized. 



15. Security element (14) enabling a user to access a 
service, the security element comprising a first 
memory circuit (16) making it possible to store the 
validated entitlements possessed by a user with re- 
gard to a service and an access control circuit (19) 
making it possible to compare with the validated en- 
titlements the validated access conditions associat- 
ed with at least one mode of access, characterized 
in that it comprises a second memory circuit (17) 
making it possible to store at least one mode of ac- 
cess in the form of descriptors of the mode of ac- 
cess and in that the access control circuit comprises 
an interpreter module making it possible to deter- 
mine whether at least one mode of access is or is 
not authorized and, for an authorized mode of ac- 
cess, to search for at least one descriptor of the au- 
thorized mode of access, the descriptor of the au- 
thorized mode of access comprising a descriptor of 
a comparison operation and a descriptor of a man- 
agement operation, the implementation of the man- 
agement operation following upon the implementa- 
tion of the comparison operation and making it pos- 
sible to generate a signal authorizing or not author- 
izing access to the service. 

16. Security element (14) according to Claim 15, char- 
acterized in that the interpreter module comprises 
a list of basic management functions. 

17. Security element (14) according to either one of 
Claims 15 or 16, characterized in that the second 
memory circuit (17) comprises an electronically 
erasable memory area. 

18. Conditional access system enabling a service pro- 
vider to supply his services only to users who have 
acquired entitlements to these services, the servic- 
es consisting of an item scrambled by control 
words, the system comprising, for each user, at 
least one decoder and at least one security ele- 
ment, characterized in that the security element is 
a security element according to any one of Claims 
15 to 17. 